From owner-freebsd-security Tue Dec 24 13:57:54 1996
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id NAA06097 for security-outgoing; Tue, 24 Dec 1996 13:57:54 -0800 (PST)
Received: from postoffice.cso.uiuc.edu (postoffice.cso.uiuc.edu [128.174.5.11]) by freefall.freebsd.org (8.8.4/8.8.4) with SMTP id NAA06091 for ; Tue, 24 Dec 1996 13:57:51 -0800 (PST)
Received: from alecto.physics.uiuc.edu (alecto.physics.uiuc.edu [128.174.83.167]) by postoffice.cso.uiuc.edu (8.6.12/8.6.12) with ESMTP id PAA274884; Tue, 24 Dec 1996 15:57:50 -0600
Received: by alecto.physics.uiuc.edu (940816.SGI.8.6.9/940406.SGI) id PAA23404; Tue, 24 Dec 1996 15:56:21 -0600
From: igor@alecto.physics.uiuc.edu (Igor Roshchin)
Message-Id: <199612242156.PAA23404@alecto.physics.uiuc.edu>
Subject: Re: Holes in default cron jobs (fwd)
To: marcs@znep.com (Marc Slemko)
Date: Tue, 24 Dec 1996 15:56:21 -0600 (CST)
Cc: steve@edmweb.com, freebsd-security@freebsd.org
In-Reply-To: from "Marc Slemko" at Dec 23, 96 11:01:35 pm
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> Modified: etc security > Log: > Move intermediary file generation to /var partition > > Revision Changes Path > 1.14 +2 -2 src/etc/security > > This change simply does: > > ----snip---- > --- security 1996/06/30 19:35:20 1.13 > +++ security 1996/07/31 06:47:05 1.14 > @@ -15,7 +15,7 @@ > echo "Subject: $host security check output" > > LOG=/var/log > -TMP=/tmp/_secure.$$ > +TMP=/var/run/_secure.$$ > > umask 027 > > ----snip---- > > which secures it by using /var/run, which shouldn't be world writable.

Excuse me, I was wondering (it might be stupid, 'cause I am probably about something), why not do a simple check for the existence of the file, something like

    if ( -f $TMP ) then
        rm -rf $TMP
    endif

Thanks for the answers, and Merry X-mas and Happy New Year!

IgoR aka StR
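
Review bot: On the `+TMP=/var/run/_secure.$$` line, the file name is still predictable from the PID, so the change is safe only while /var/run is writable by root alone, and nothing in the hunk checks or documents that assumption. A comment next to the assignment stating the dependency, or creating the intermediary file so that creation fails when the name already exists, would make the fix hold up if the directory's permissions ever change. The `umask 027` in the trailing context also leaves the intermediary files group-readable; if only this script reads them, 077 would be tighter.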
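
Why the existence check asked about above does not close the hole by itself, as an added example that is not part of the original message: `-f` follows symlinks, so a name that already exists as a dangling symlink passes the check untouched and the later `>` writes through it, while exclusive creation refuses the name. The sandbox layout, the sample name `_secure.12345` and the function names are assumptions made for the demonstration, and `mktemp -d` is used only to build the throwaway sandbox.

```shell
#!/bin/sh
# Added example, not from the thread. Every path lives in a throwaway
# sandbox directory; the name _secure.12345 is a constructed sample.

# The proposed check, written in sh: delete a leftover regular file, then write.
check_then_write() {
    if [ -f "$1" ]; then rm -rf "$1"; fi
    echo "report data" > "$1"          # a plain '>' follows symlinks
}

# Exclusive creation: with noclobber (set -C) the redirection fails when the
# name already exists; bash and dash open a not-yet-existing target with
# O_EXCL, so a symlink whose target does not exist is refused as well.
exclusive_write() {
    ( set -C; umask 077; echo "report data" > "$1" ) 2>/dev/null
}

# run_case WRITER STATE: prints followed, created or refused.
#   STATE=planted  the temp name already exists as a dangling symlink
#   STATE=clean    the temp name does not exist yet
run_case() {
    sandbox=$(mktemp -d) || return 2
    tmp=$sandbox/_secure.12345
    elsewhere=$sandbox/elsewhere       # stands in for a file outside the temp dir
    if [ "$2" = planted ]; then ln -s "$elsewhere" "$tmp"; fi
    "$1" "$tmp" || :
    if [ -e "$elsewhere" ]; then
        echo followed                  # the write landed on the symlink target
    elif [ -f "$tmp" ] && [ ! -L "$tmp" ]; then
        echo created                   # a fresh regular file was created
    else
        echo refused                   # nothing was written anywhere
    fi
    rm -rf "$sandbox"
}

for w in check_then_write exclusive_write; do
    echo "$w, name already present as symlink: $(run_case "$w" planted)"
done
```

Even a check that tested for symlinks would leave a window between the test and the write; exclusive creation, or a directory only root can write to as in the committed change, removes that window.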